Re: [PATCH rdma-rc 1/2] IB/core: Only enforce security for InfiniBand

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




On 21/11/2017 17:14, Jason Gunthorpe wrote:
> On Tue, Nov 21, 2017 at 03:56:19PM +0200, Mark Bloch wrote:
> 
>> I just gave mlx4 as an example, but I was talking more about the ability of the RDMA
>> subsystem to support mixed port types, so in this case, if in the future a vendor
>> will come with an ib_device with 2 ports, one is IB and one is iWARP bad things will happen.
> 
> That will never be allowed.
> 

You say never be allowed, I say code talks, and in the code we don't have this restriction.
maybe we should add something?

LSM security enforcement should only take place on IB devices, Daniel's comment even says that:

> +	/* If this isn't an IB device don't create the security context */
> +	if (!is_ib)
> +		return 0;

but how do we define an ib device with different port types?
also while today we only deal with pkeys (if I remember currently) in the future
we might add other bits, and those bits might not play nicely in the that configuration.

Maybe we should make sure all the ports are IB, and if not, flag it to the user (dmesg?)

> Even mixing roce and IB on the same device should be banned, IMHO.

> If APM does not work between the ports then they do not belong on the
> same device.
> 
> Jason
> 

Mark.
--
To unsubscribe from this list: send the line "unsubscribe linux-rdma" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html



[Index of Archives]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Photo]     [Yosemite News]     [Yosemite Photos]     [Linux Kernel]     [Linux SCSI]     [XFree86]
  Powered by Linux